en:aux_support:gpg:symmetric
Differences
This shows you the differences between two versions of the page.
| Next revision | Previous revision | ||
|
en:aux_support:gpg:symmetric [2018/11/01 11:54] superadmin created |
en:aux_support:gpg:symmetric [2018/11/01 13:22] (current) edoc2 [Decryption] |
||
|---|---|---|---|
| Line 1: | Line 1: | ||
| ====== Symmetric encryption ====== | ====== Symmetric encryption ====== | ||
| + | This is basically the most simple type of encryption we can perform with GnuPG. No private or public keys are involved in the process. Instead of the keys we just use a passphrase (password). So it's important to use a long and complex enough passphrase. | ||
| + | |||
| + | ===== Creating the passphrase ===== | ||
| + | |||
| + | A good practice would be using 12 - 45 randomly chosen characters combining alphanumeric characters ([0-9], | ||
| + | |||
| + | In Linux we have a utility program, pwgen, which will create random strings for passphrase purpose. | ||
| + | |||
| + | Example using pwgen: (create single 20 character long passphrase, no special characters) | ||
| + | |||
| + | $ pwgen -s 20 1 | ||
| + | EiLdHF7meFXsbN8PTUWz | ||
| + | |||
| + | And one more example with special characters: | ||
| + | |||
| + | $ pwgen -sy 20 1 | ||
| + | !xZF3GLv$-, | ||
| + | |||
| + | Note: Sometimes it's more convenient to use slightly longer passphrase without special characters. | ||
| + | |||
| + | ==== Encryption ===== | ||
| + | |||
| + | So we have **my_text.txt** file which we want to encrypt by using symmetric encryption: | ||
| + | |||
| + | $ gpg --symmetric my_text.txt | ||
| + | | ||
| + | After hitting [ENTER], gpg will ask you to input the passphrase (twice). | ||
| + | |||
| + | If everything went well (no mistakes while entering the password), a new file with name **my_text.txt.gpg** will be created. | ||
| + | |||
| + | **my_text.txt.gpg** contains the encrypted version of the file. This file can now be transmitted via email or simply just held for later purpose on the filesystem. In the later case it's of course important to remove the original file from the filesystem. | ||
| + | |||
| + | Example of removing the original (plaintext) file: | ||
| + | |||
| + | $ shred my_text.txt; | ||
| + | | ||
| + | **Warning: | ||
| + | |||
| + | ==== Decryption ===== | ||
| + | |||
| + | Decrypting **my_text.txt.gpg** back to readable (plaintext) format: | ||
| + | |||
| + | $ gpg -d my_text.txt.gpg > my_plain_text.txt | ||
| + | | ||
| + | After hitting [ENTER] gpg will prompt for the password (unless you do this operation on the same computer directly after creating the encrypted version in which case the password is still in gpg's cache so enquiry will be omitted). | ||
| + | |||
| + | If the operation was successful we now have **my_plain_text.txt** file which can be opened normally with associated application. | ||
en/aux_support/gpg/symmetric.1541073247.txt.gz ยท Last modified: 2018/11/01 11:54 by superadmin
Page Tools
